Web lists-archives.com

Re: ping Walt, bug about add-on verification override

On 02/08/2017 05:23 PM, WaltS48 wrote:
On 02/07/2017 07:32 PM, Caver1 wrote:
On 02/07/2017 06:14 PM, »Q« wrote:
FYI.  Walt, in m.s.f you recently talked about filing a bug about the
fact that Fx can be configured not to verify add-ons.  I did file a bug
on it, which was eventually marked a dupe of a hidden bug.  That one's
been unhidden now,
<https://bugzilla.mozilla.org/show_bug.cgi?id=1292444>.  I won't try to
summarize -- I think to get a grip on the problem and what they might
do about it, you gotta read it through and chase the links to other
bugs, especially paying attention to Kaply's comments.

Why is that a bug?

Disabling security, as indicated by the RESOLVED:DUPLICATE status of Q's
bug as a duplicate of the previously hidden ACCESS DENIED bug 1292444.

Any bug a user sees as ACCESS DENIED is a security vulnerability.

In the Eyes of the beholder. It's up to the user. I have been using said extensions for years with no security problems. If I want/need to use them then I have the choice to do so which harms no one.

general mailing list